Content-Type​
of ​application/json
,​ with the event payload as JSON in the request body. We also send the following headers:X-Snyk-Event
the name of the event and the version of the payload, such as ping/v1
X-Snyk-Transport-ID
a GUID to identify this deliveryX-Snyk-Timestamp
an ISO 8601 timestamp for when the event occurred, e.g. 2020-09-25T15:27:53Z
X-Hub-Signature
the HMAC hex digest of the request body which is used to secure your webhooks and ensure the request did indeed come from SnykUser-Agent​
identifies the origin of the request, e.g. ​Snyk-Webhooks/XXX
X-Hub-Signature
​header, which contains the hash signature for the transport. The signature is a HMAC hexdigest of the request body, generated using sha256 and your secret as the HMAC key.X-Hub-Signature​
always starts with​ sha256=